cnvd - cnvd-2020-04705

cnvd-2020-04705

Vulnerability from cnvd

Title: ZOHO ManageEngine ADSelfService Plus信息泄露漏洞（CNVD-2020-04705）

Description:

ZOHO ManageEngine ADSelfService Plus是美国卓豪（ZOHO）公司的一套基于Web的终端用户密码管理软件。

ZOHO ManageEngine ADSelfService Plus 5.6 Build 5607版本中存在信息泄露漏洞，攻击者可利用该漏洞检索系统的内部信息并更改产品的安装。

Severity: 中

Formal description:

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.manageengine.com/products/self-service-password/

Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-7162 https://excellium-services.com/cert-xlm-advisory/cve-2019-7162/

Impacted products

Name
ZOHO Corporation ManageEngine ADSelfService Plus 5.6 Build 5607

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-7162",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2019-7162"
    }
  },
  "description": "ZOHO ManageEngine ADSelfService Plus\u662f\u7f8e\u56fd\u5353\u8c6a\uff08ZOHO\uff09\u516c\u53f8\u7684\u4e00\u5957\u57fa\u4e8eWeb\u7684\u7ec8\u7aef\u7528\u6237\u5bc6\u7801\u7ba1\u7406\u8f6f\u4ef6\u3002\n\nZOHO ManageEngine ADSelfService Plus 5.6 Build 5607\u7248\u672c\u4e2d\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u68c0\u7d22\u7cfb\u7edf\u7684\u5185\u90e8\u4fe1\u606f\u5e76\u66f4\u6539\u4ea7\u54c1\u7684\u5b89\u88c5\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.manageengine.com/products/self-service-password/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-04705",
  "openTime": "2020-02-12",
  "products": {
    "product": "ZOHO Corporation ManageEngine ADSelfService Plus 5.6 Build 5607"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-7162\r\nhttps://excellium-services.com/cert-xlm-advisory/cve-2019-7162/",
  "serverity": "\u4e2d",
  "submitTime": "2020-01-02",
  "title": "ZOHO ManageEngine ADSelfService Plus\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2020-04705\uff09"
}

CVE-2019-7162 (GCVE-0-2019-7162)

Vulnerability from cvelistv5

Published

2019-12-31 14:10

Modified

2025-05-30 16:01

Severity ?

CWE

Summary

An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation.

References

▼	URL	Tags
	https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7162/
	https://www.excellium-services.com/cert-xlm-advisory
	https://cds.thalesgroup.com/en/tcs-cert/CVE-2019-7162

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:38:33.498Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7162/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2019-02-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-30T16:01:21.821Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7162/"
        },
        {
          "url": "https://www.excellium-services.com/cert-xlm-advisory"
        },
        {
          "url": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2019-7162"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-7162",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Zoho ManageEngine ADSelfService Plus 5.6 Build 5607. An exposed service allows an unauthenticated person to retrieve internal information from the system and modify the product installation."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7162/",
              "refsource": "MISC",
              "url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-7162/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-7162",
    "datePublished": "2019-12-31T14:10:58.000Z",
    "dateReserved": "2019-01-29T00:00:00.000Z",
    "dateUpdated": "2025-05-30T16:01:21.821Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted